Dr. Stephen Henson [Wed, 28 Jan 2009 12:35:10 +0000 (12:35 +0000)]
Support NumericString for name components.
Richard Levitte [Wed, 28 Jan 2009 07:54:16 +0000 (07:54 +0000)]
Add missing modules
Dr. Stephen Henson [Wed, 21 Jan 2009 21:44:52 +0000 (21:44 +0000)]
PR: 1806
Submitted by: philipp_subx@redfish-solutions.com
Approved by: steve
Use ${CC:-gcc} instead of just gcc in domd, to support cross compilation.
Dr. Stephen Henson [Mon, 19 Jan 2009 16:42:18 +0000 (16:42 +0000)]
No need to add fips to @skip
Dr. Stephen Henson [Mon, 19 Jan 2009 16:40:44 +0000 (16:40 +0000)]
If not compiling for fips don't do anything in fips directory.
Install fipscanister.o and friends from FIPSLIBDIR location.
Ben Laurie [Sat, 17 Jan 2009 14:36:17 +0000 (14:36 +0000)]
Make it possible to override CC.
Richard Levitte [Sat, 17 Jan 2009 12:33:43 +0000 (12:33 +0000)]
Another symbol that's longer than 31 characters.
Richard Levitte [Sat, 17 Jan 2009 12:33:11 +0000 (12:33 +0000)]
A forgotten module...
Dr. Stephen Henson [Thu, 15 Jan 2009 12:34:54 +0000 (12:34 +0000)]
Stop warnings on WIN64
Dr. Stephen Henson [Wed, 14 Jan 2009 11:10:33 +0000 (11:10 +0000)]
Some platforms need $(EX_LIBS) when building fips_standalone_sha1 from
an external fipscanister.o
Dr. Stephen Henson [Wed, 14 Jan 2009 10:46:00 +0000 (10:46 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:45:19 +0000 (23:45 +0000)]
Oops, remove duplicate entry.
Dr. Stephen Henson [Wed, 7 Jan 2009 23:38:34 +0000 (23:38 +0000)]
Prepare for next version.
Dr. Stephen Henson [Wed, 7 Jan 2009 10:50:54 +0000 (10:50 +0000)]
Prepare for 0.9.8j release.
Dr. Stephen Henson [Wed, 7 Jan 2009 10:48:23 +0000 (10:48 +0000)]
Properly check EVP_VerifyFinal() and similar return values
(CVE-2008-5077).
Submitted by: Ben Laurie, Bodo Moeller, Google Security Team
Lutz Jänicke [Mon, 5 Jan 2009 14:43:07 +0000 (14:43 +0000)]
Fix compilation with -no-comp by adding some more #ifndef OPENSSL_NO_COMP
Some #include statements were not properly protected. This will go unnoted
on most systems as openssl/comp.h tends to be installed as a system header
file by default but may become visible when cross compiling.
Dr. Stephen Henson [Mon, 5 Jan 2009 12:47:11 +0000 (12:47 +0000)]
make update.
Dr. Stephen Henson [Wed, 31 Dec 2008 12:00:35 +0000 (12:00 +0000)]
Update ordinals.
Andy Polyakov [Tue, 30 Dec 2008 13:41:08 +0000 (13:41 +0000)]
Synchronize with bn_nist.c from HEAD.
Andy Polyakov [Tue, 30 Dec 2008 13:30:57 +0000 (13:30 +0000)]
Backport cvs.openssl.org/chngview?cn=17710 from HEAD.
PR: 1230
Andy Polyakov [Tue, 30 Dec 2008 13:26:26 +0000 (13:26 +0000)]
Some seasoned makes fail to build. For reference. I had problem with Irix
make which doesn't tolerate empty targets, and fips/Makefile ends up with
one when FIPSCANLIB is empty. Build failed as early as 'make links' phase.
Dr. Stephen Henson [Mon, 29 Dec 2008 00:18:23 +0000 (00:18 +0000)]
Update default compiler options for default tls extension config.
Add -Wsign-compare to debug-steve64
Dr. Stephen Henson [Mon, 29 Dec 2008 00:17:36 +0000 (00:17 +0000)]
Avoid signed/unsigned compare warnings.
Andy Polyakov [Sat, 27 Dec 2008 13:34:30 +0000 (13:34 +0000)]
Backport aes-x86_64.pl update from HEAD.
Ben Laurie [Fri, 26 Dec 2008 15:27:51 +0000 (15:27 +0000)]
Enable TLS Extensions by default.
Richard Levitte [Thu, 25 Dec 2008 22:24:21 +0000 (22:24 +0000)]
In BIO_write(), update the write statistics, not the read statistics.
PR: 1803
Richard Levitte [Thu, 25 Dec 2008 22:04:45 +0000 (22:04 +0000)]
Further synchronisation with Unix
Richard Levitte [Mon, 22 Dec 2008 09:30:09 +0000 (09:30 +0000)]
Synchronise with Unixly build.
Dr. Stephen Henson [Sat, 20 Dec 2008 17:04:09 +0000 (17:04 +0000)]
Make no-engine work again...
Andy Polyakov [Wed, 17 Dec 2008 14:14:51 +0000 (14:14 +0000)]
Backport aes-x86_64.pl update from HEAD and revisit same code in aes-586.pl.
PR: 1801
Ben Laurie [Sat, 13 Dec 2008 17:00:53 +0000 (17:00 +0000)]
Missing return values (Coverity ID 204).
Ben Laurie [Sat, 13 Dec 2008 12:22:47 +0000 (12:22 +0000)]
Make depend.
Dr. Stephen Henson [Wed, 10 Dec 2008 17:34:11 +0000 (17:34 +0000)]
Remove tests which rely on old root certs being present.
Lutz Jänicke [Wed, 10 Dec 2008 08:03:48 +0000 (08:03 +0000)]
apps/speed.c: children should not inherit buffered I/O
PR: 1787
Submitted by: Artur Klauser <aklauser@google.com>
Dr. Stephen Henson [Mon, 8 Dec 2008 19:13:57 +0000 (19:13 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Sun, 7 Dec 2008 23:59:13 +0000 (23:59 +0000)]
Fix from HEAD.
Bodo Möller [Tue, 2 Dec 2008 23:50:21 +0000 (23:50 +0000)]
experimental-foo support for mk1mf.pl.
Ben Laurie [Tue, 2 Dec 2008 18:14:44 +0000 (18:14 +0000)]
Fix warnings.
Ben Laurie [Tue, 2 Dec 2008 13:36:47 +0000 (13:36 +0000)]
Warn about JPAKE brokenness.
Bodo Möller [Tue, 2 Dec 2008 01:21:06 +0000 (01:21 +0000)]
Implement Configure option pattern "experimental-foo"
(specifically, "experimental-jpake").
Dr. Stephen Henson [Sun, 30 Nov 2008 16:07:11 +0000 (16:07 +0000)]
Don't clobber passed GENERAL_NAME on error.
Geoff Thorpe [Fri, 28 Nov 2008 22:04:25 +0000 (22:04 +0000)]
Clarify a 'chil' engine param that is a little unintuitive.
Submitted by: Sander Temme <sander@temme.net>
Dr. Stephen Henson [Mon, 24 Nov 2008 17:49:21 +0000 (17:49 +0000)]
Update dependencies.
Dr. Stephen Henson [Mon, 24 Nov 2008 17:02:49 +0000 (17:02 +0000)]
Move new function CRYPTO_strdup to mem_dbg.c because mem.c is excluded in
a fips build.
Dr. Stephen Henson [Mon, 24 Nov 2008 16:14:15 +0000 (16:14 +0000)]
Revert OPENSSL_EXPERIMENTAL patch.
Change it so JPAKE uses the standard OPENSSL_NO_JPAKE instead.
Dr. Stephen Henson [Fri, 21 Nov 2008 18:18:28 +0000 (18:18 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 19 Nov 2008 16:03:51 +0000 (16:03 +0000)]
Commit default dependencies.
Geoff Thorpe [Wed, 19 Nov 2008 14:08:06 +0000 (14:08 +0000)]
Allow the CHIL engine to load even if dynamic locks aren't registered.
Submitted by: Sander Temme
Dr. Stephen Henson [Wed, 19 Nov 2008 00:40:59 +0000 (00:40 +0000)]
Remove jpake.h dependencies from default build.
Dr. Stephen Henson [Tue, 18 Nov 2008 22:23:20 +0000 (22:23 +0000)]
On WIN32 use /MD for static library in FIPS mode to match value of
validated module.
Dr. Stephen Henson [Sat, 15 Nov 2008 17:47:31 +0000 (17:47 +0000)]
Update .cvsignore
Dr. Stephen Henson [Sat, 15 Nov 2008 17:46:41 +0000 (17:46 +0000)]
Stop warnings.
Bodo Möller [Fri, 14 Nov 2008 00:18:23 +0000 (00:18 +0000)]
warnings
Bodo Möller [Fri, 14 Nov 2008 00:17:43 +0000 (00:17 +0000)]
make update
Dr. Stephen Henson [Thu, 13 Nov 2008 15:08:33 +0000 (15:08 +0000)]
Fixes for "make depend". Features which need a #define to be set to
enable them, like FIPS and JPAKE need to have these set when building
dependencies.
Ben Laurie [Thu, 13 Nov 2008 11:35:23 +0000 (11:35 +0000)]
Not an error to include jpake.h when disabled.
Ben Laurie [Thu, 13 Nov 2008 09:50:24 +0000 (09:50 +0000)]
J-PAKE is not RSA.
Dr. Stephen Henson [Wed, 12 Nov 2008 19:05:42 +0000 (19:05 +0000)]
Oops...
Dr. Stephen Henson [Wed, 12 Nov 2008 18:27:17 +0000 (18:27 +0000)]
Update mk1mf.pl for new JPAKE options. Update jpaketest.c for WIN32.
Dr. Stephen Henson [Wed, 12 Nov 2008 16:54:35 +0000 (16:54 +0000)]
Add support for experimental code, not compiled in by default and
with OPENSSL_EXPERIMENTAL_FOO around it. Make JPAKE experimental.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:52:14 +0000 (12:52 +0000)]
Don't attempt to enter FIPS mode in autoconfig module if already in FIPS mode.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:42:32 +0000 (12:42 +0000)]
Update from HEAD.
Dr. Stephen Henson [Tue, 11 Nov 2008 12:22:17 +0000 (12:22 +0000)]
Avoid conflict with some version of Windows platform SDK.
Dr. Stephen Henson [Tue, 11 Nov 2008 10:17:22 +0000 (10:17 +0000)]
PR: 1782
Submitted by: Philip Prindeville <philipp_subx@redfish-solutions.com>
Approved by: steve@openssl.org
Dr. Stephen Henson [Mon, 10 Nov 2008 18:55:07 +0000 (18:55 +0000)]
Make -DKSSL_DEBUG work again.
Dr. Stephen Henson [Mon, 10 Nov 2008 18:22:50 +0000 (18:22 +0000)]
Fix warnings.
Lutz Jänicke [Mon, 10 Nov 2008 11:26:46 +0000 (11:26 +0000)]
Clarify (non-)blocking behavior of EGD socket interface used by RAND_egd().
Dr. Stephen Henson [Wed, 5 Nov 2008 18:36:57 +0000 (18:36 +0000)]
Change old obsolete email address...
Dr. Stephen Henson [Wed, 5 Nov 2008 18:29:49 +0000 (18:29 +0000)]
Fix from HEAD.
Dr. Stephen Henson [Fri, 31 Oct 2008 12:18:42 +0000 (12:18 +0000)]
Oops...
Dr. Stephen Henson [Fri, 31 Oct 2008 12:09:18 +0000 (12:09 +0000)]
Fix from HEAD.
Andy Polyakov [Tue, 28 Oct 2008 16:30:09 +0000 (16:30 +0000)]
randfile.c: .rnd can become orphaned on VMS [from HEAD].
Submitted by: David North
Andy Polyakov [Tue, 28 Oct 2008 15:33:07 +0000 (15:33 +0000)]
.cvsignore update: ignore all flavors of shared objects [from HEAD].
Andy Polyakov [Tue, 28 Oct 2008 13:47:38 +0000 (13:47 +0000)]
Fix crash in BN_rshift [from HEAD].
PR: 1663
Dr. Stephen Henson [Mon, 27 Oct 2008 12:30:33 +0000 (12:30 +0000)]
Win32 fixes, add new directory to WIN32 build system.
Dr. Stephen Henson [Mon, 27 Oct 2008 12:04:04 +0000 (12:04 +0000)]
Fixes from HEAD.
Ben Laurie [Sun, 26 Oct 2008 18:42:05 +0000 (18:42 +0000)]
Add JPAKE.
Ben Laurie [Sun, 26 Oct 2008 15:37:31 +0000 (15:37 +0000)]
Minor clarity enhancements.
Dr. Stephen Henson [Sun, 26 Oct 2008 11:54:26 +0000 (11:54 +0000)]
Avoid warning.
Dr. Stephen Henson [Wed, 22 Oct 2008 19:55:25 +0000 (19:55 +0000)]
Update from HEAD.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:51:37 +0000 (18:51 +0000)]
Return correct exit code if there is an error in dgst command.
Dr. Stephen Henson [Wed, 22 Oct 2008 18:48:50 +0000 (18:48 +0000)]
Sync OIDS with HEAD.
Lutz Jänicke [Wed, 22 Oct 2008 06:46:13 +0000 (06:46 +0000)]
Allow detection of input EOF in quiet mode by adding -no_ign_eof option
to s_client application.
PR: #1761
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 20 Oct 2008 12:53:33 +0000 (12:53 +0000)]
Add missing "-d" to option list of openssl version.
Submitted by: Alex Chen <alex_chen@filemaker.com>
Lutz Jänicke [Mon, 20 Oct 2008 12:40:20 +0000 (12:40 +0000)]
Armor pq_compat.h header file against multiple inclusion
Submitted by: Alex Chen <alex_chen@filemaker.com>
Ben Laurie [Mon, 20 Oct 2008 09:26:04 +0000 (09:26 +0000)]
Distinguish public/private data more clearly.
Ben Laurie [Sun, 19 Oct 2008 15:34:13 +0000 (15:34 +0000)]
Ignore executable.
Ben Laurie [Sun, 19 Oct 2008 15:33:32 +0000 (15:33 +0000)]
Add J-PAKE demo.
Ben Laurie [Sat, 18 Oct 2008 14:27:36 +0000 (14:27 +0000)]
Constification.
Ben Laurie [Tue, 14 Oct 2008 19:21:30 +0000 (19:21 +0000)]
Set the comparison function in v3_addr_canonize().
Ben Laurie [Tue, 14 Oct 2008 19:09:47 +0000 (19:09 +0000)]
Add XMPP STARTTLS support.
Ben Laurie [Tue, 14 Oct 2008 19:05:02 +0000 (19:05 +0000)]
Fix warnings.
Lutz Jänicke [Mon, 13 Oct 2008 06:43:06 +0000 (06:43 +0000)]
Firstly, the bitmap we use for replay protection was ending up with zero
length, so a _single_ pair of packets getting switched around would
cause one of them to be 'dropped'.
Secondly, it wasn't even _dropping_ the offending packets, in the
non-blocking case. It was just returning garbage instead.
PR: #1752
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Fri, 10 Oct 2008 10:41:32 +0000 (10:41 +0000)]
When the underlying BIO_write() fails to send a datagram, we leave the
offending record queued as 'pending'. The DTLS code doesn't expect this,
and we end up hitting an OPENSSL_assert() in do_dtls1_write().
The simple fix is just _not_ to leave it queued. In DTLS, dropping
packets is perfectly acceptable -- and even preferable. If we wanted a
service with retries and guaranteed delivery, we'd be using TCP.
PR: #1703
Submitted by: David Woodhouse <dwmw2@infradead.org>
Lutz Jänicke [Mon, 6 Oct 2008 10:35:29 +0000 (10:35 +0000)]
Fix incorrect command for assember file generation on IA64
Submitted by: Amadeu A. Barbosa Jr <amadeu@tecgraf.puc-rio.br>
Dr. Stephen Henson [Thu, 25 Sep 2008 16:38:07 +0000 (16:38 +0000)]
Check for errors in ASN1 sign and verify routines.
Andy Polyakov [Tue, 23 Sep 2008 17:34:08 +0000 (17:34 +0000)]
Fix EC_KEY_check_key [from HEAD].
Dr. Stephen Henson [Tue, 23 Sep 2008 11:21:17 +0000 (11:21 +0000)]
Typo.
Bodo Möller [Mon, 22 Sep 2008 21:22:51 +0000 (21:22 +0000)]
Make sure that SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG can't
enable disabled ciphersuites.
Dr. Stephen Henson [Sun, 21 Sep 2008 11:40:36 +0000 (11:40 +0000)]
Fix warnings when more pedantic "debuge-steve32" target is used.